A computer system in a network that is fortified against illegal entry and attack because it is exposed to the outside world (the Internet). Bastion hosts are used for services such as Web site hosting, mail, DNS lookups and FTP transfer, and they are located on the public side of a perimeter net (DMZ). The name comes from medieval fortresses built with bastions, which were projections out from the wall that let more men gather behind them to shoot their arrows. See firewall.

Bastion Hosts in a Firewall

In this "screened subnet" firewall architecture, several bastion hosts reside in their own perimeter net, which is protected by screening routers on both ends.